Client Access: Allow to select Client Access Restrictions for new users

2024-05-10 13:42:42 -04:00 · 2024-05-10 13:42:42 -04:00 · 85bf412f53
parent fa064962a9
commit 85bf412f53
3 changed files with 32 additions and 1 deletions
--- a/admin_user_add_modal.php
+++ b/admin_user_add_modal.php
@ -62,6 +62,29 @@
                        </div>
                    </div>
                    <div class="form-group">
                        <label>Restrict Client Access</label>
                        <div class="input-group">
                            <div class="input-group-prepend">
                                <span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
                            </div>
                            <select class="form-control select2" name="clients[]" data-placeholder="Restrict Client Access" multiple>
                                <?php
                                $sql_client_select = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_archived_at IS NULL ORDER BY client_name ASC");
                                while ($row = mysqli_fetch_array($sql_client_select)) {
                                    $client_id = intval($row['client_id']);
                                    $client_name = nullable_htmlentities($row['client_name']);
                                    ?>
                                    <option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
                                <?php } ?>
                            </select>
                        </div>
                        <small class="text-muted">Leave Blank for Full access to all clients, no affect on users with the admin role.</small>
                    </div>
                    <div class="form-group">
                        <label>Avatar</label>
                        <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
--- a/inc_all_client.php
+++ b/inc_all_client.php
@ -12,7 +12,7 @@ if (isset($_GET['client_id'])) {
    // Check to see if the logged in user has permission to access this client (Admins have access to all no matter what perms are set)
    if(!in_array($client_id, $client_access_array) AND !empty($client_access_string) AND $session_user_role < 3) {
        // Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Access', log_description = '$session_name was denyed permission from accessing client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $client_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Access', log_description = '$session_name was denied permission from accessing client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $client_id");
        $_SESSION['alert_type'] = "error";
        $_SESSION['alert_message'] = "Access Denied - You do not have permission to access that client!";
--- a/post/user.php
+++ b/post/user.php
@ -18,6 +18,14 @@ if (isset($_POST['add_user'])) {
    $user_id = mysqli_insert_id($mysqli);
    // Add Client Access Permissions if set
    if (!empty($_POST['clients'])) {
        foreach($_POST['clients'] as $client_id) {
            $client_id = intval($client_id);
            mysqli_query($mysqli,"INSERT INTO user_permissions SET user_id = $user_id, client_id = $client_id");
        }
    }
    if (!file_exists("uploads/users/$user_id/")) {
        mkdir("uploads/users/$user_id");
    }